Tor/I2P/Freenet/GNUnet differences and opinions?

I've been reviewing multiple areas of internet encryption and anonmynity and have come across four sources (that I trust) that provide a level of both encryption and anonymous communication for internet usage. However I would love the input and experience of other AO members for the final descision on which one I will be using for personal usage.

Tor: Onion-based routing that acts as a proxy layer between the client computer and the Tor network (middlemen encrypted datatransfers, if I understand it correctly). Allows you to proxy just about anything through the Tor network to create a long string of connection points, encryption, and similar. However I am worried about DNS leaking out information and similar. How can I prevent that? How could I also prevent a man in the middle attack by someone just analyzing incoming data to eventually break the encryption key? Or is the key changed every so often?

I2P aka Invisible Internet Project: Similar to Tor but adds a second layer over TCP/IP for encryption when using other resources on the I2P network. Another middleman layout for anonymous connection but I am unsure about how well it can interact with the non-I2P networks (such as the primary internet). Again, not sure of it's security for middleman attacks.

FreeNet: Seems like a P2P transfer program rather than an alternative to current inecure TCP/Ip communications for multiple aspects of programs.

GNUnet:Seems like a P2P transfer program rather than an alternative to current insecure TCP/IP communications for multiple aspects of programs.

Any corrections? Any recommendations? Any experiences you would like to share? And please, don't link me to the websites. I've already reviewed them all and am looking moreso for clarification and first-hand experience.

Depending on what you are trying to do, I would be very suspect of a system that attempts to annonymize your connection through so many "hops" and the final link is un-encrypted. Yes, you could be subject to man-in-the-middle attacks at any point in the chain.

Any time you have to decrypt-encrypt at a hop, you open your communication to hack or to possible source discovery. Not to mention known text attacks, known cypher attacks, you name it.

Quote:

---

Originally posted here by rapier57
[B]Depending on what you are trying to do, I would be very suspect of a system that attempts to annonymize your connection through so many "hops" and the final link is un-encrypted. Yes, you could be subject to man-in-the-middle attacks at any point in the chain.

---

Well, since Tor is created and sponcered in part by EFF, I highly doubt it's something as simple as that. This might help clarification, especially on the end-user:

http://tor.eff.org/images/htw1.png
http://tor.eff.org/images/htw2.png
http://tor.eff.org/images/htw3.png

http://wiki.noreply.org/noreply/TheO...52b4dfd2ea2efd

That seems to offer a good deal of prevention against quick-cypher attacks and assist in the prevention of man-in-the-middle, but I simply don't have documentation to prove it. Thanks for your thoughts but I'm looking for people who have used Tor first hand and have run tests on it's capability.

I have played with tor coupled with privoxy for some time. As a set of software that will protect the average user from, the normal, security/privacy issues, that suround, "net usage", they are exelent.

However, they will not give a good level of protection, should you wish to avoid government, security agency, interest?

Edit:

To add.

Tor is based on onion routing, as stated. Where did that line of research come from??

Once you no the answere. Think about the consequenses.

Origonally a project of the US Navy, but not something I am concerned with.

SELinux was crafted origonally by the NSA but the open-source nature of it has assured the integrity of the code and has been improved from the origonal release.

Tor+privoxy so far seems to be the most solid.

Anyone else have suggestions or is it really this rare a subject? I don't know how many people here would even known how to trach an attack through tor networks.

guardian alpha,

I'm not sure, what angle, you are coming from.

SeLinux, may be what ever, I suspect if the NSA use it. You and I will never know or see the code involved.

As to, "trach" ing through a tor network, the encryption is not that strong? I believe. The EFF is based in the USA?? NO??

Quote:

---

SeLinux, may be what ever, I suspect if the NSA use it. You and I will never know or see the code involved.

---

Er, I personally submitted and assisted on quite a few fixes for the latest SELinux kernel patch. And I know it was released and origonally programmed by the NSA because of .. well :)

http://www.nsa.gov/selinux/

Full white-papers. Full explainations. Full download of source code. Applied to many testing distros by default (Fedora Core) and able to be applied manually to others.

Quote:

---

As to, "trach" ing through a tor network, the encryption is not that strong?

---

http://tor.eff.org/cvs/tor/doc/design-paper/tor-design.html
tor runs layered (more than one) encryption, but I am not sure how strong it's cypher strength is. And since the Tor chain changes every ten minutes, I don't know if a consumer-level product is avaliable to automate the decryption of layered encryption in under a ten minute time frame before they lose the information. Remember, in a tor network the middle men do not know the information of the origonal sender, nor the destination. They only know who it needs to go to next.

Quote:

---

I believe. The EFF is based in the USA?? NO??

---

EFF is a worldwide organization but has a primary focus on the USA due to the natural levels of censorship in effect. They help fight computer crime cases (both in defence and offensive depending on the case) as well as fund/sponcer multiple projects that will allow the user to not only stay informed on political issues regarding security but also means in which they can keep that security intact (Tor).

I'm giving it a test now and am not sure how to detect what information is being leaked from my box now. Gaim and firefox are both set to use the tor proxy (located on my computer), so how would I check for dropped information or DNS leaking?

Quote:

---

I'm giving it a test now and am not sure how to detect what information is being leaked from my box now. Gaim and firefox are both set to use the tor proxy (located on my computer), so how would I check for dropped information or DNS leaking?

---

Thats pretty much, not relevant. Tor will tell you when there is a possiblity of leakeage.

Remember, you connect to your ISPs network before you connect to the Internet. If you are not part of their subnet, they will not let you in.

Very true all this data has to run through your ISP so their is still potential for either data corruption or some other form of security breach.

I have only scratched the surface with tor, does anyone know what cipher they are using for communication between hosts or are they ment to be vpn like tunnel's

To be really secure they should be using 3DES or AES with a bitchin long key, but of course if a lot of data has to be encrypted then this will take a while on slower machines.

Well, as far as I can understand the protocol, Tor acts as a secondary layer. You send the data, pre-encrypted, to the Tor network chain. The ISP notes that it came from you but is unable to read the encrypted data stream (well, it can, but an ISP decrypting a customers data is another story). So the general attacks wouldn't be on the ISP level since it isn't decrypted until the final destination ISP received the encrypted packet, sends it to the appropriate server, and the server.. decrypts it?

No wait, that doesn't make any sense. Is it indeed encrypted before it is send and is it encrypted by the receiving computer? Or does the first Tor node encrypt it and the last Tor network decrypt it????